Apple’s massive ‘goto fail’ fixed in iOS, but not in OS X [Updated]

Late last week, Apple issued a patch for iOS, the mobile operating system powering iPhones, iPads and iPod Touch devices. The update fixed a security issue that is extremely serious – a flaw in Apple’s implementation of SSL, the encryption used to access the Internet.

Impact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS

In other words, anything you send across the Internet could be intercepted or changed. Your communications are compromised without the patch.

I know a lot of people delay or even ignore operating system updates, but doing so now will put you at serious risk. Apple made the patch available for those running iOS 7 and iOS 6.1. There’s even a patch for the version of iOS running on Apple TV. Use the software update on these devices to fix the flaw ASAP.

The flaw was caused by a single error in what’s known as a “goto” call. In programming, goto directs action from one place to another in the code. In this case, the error directs the program to go around the authentication system. Generally, using goto is considered lazy programming, and this issue makes it clear as to why.

If you want to check whether your device is vulnerable, you can visit the gotofail.com website using Apple’s Safari browser. If you device is not protected, you’ll get a warning to that effect.

You will note that the above screenshot was not taken on an iOS device – it was grabbed via Safari on a Mac running OS X Mavericks, Apple’s latest desktop operating system. While Apple may have patched its mobile devices, it has yet to do so for the Mac OS.

That’s probably because the issue is pervasive across multiple OS X apps, and not just Safari. Forbes reports that a researcher has discovered the flaw affects many of the programs that come with the operating system:

On Sunday, privacy researcher Ashkan Soltani posted a list of OSX applications on Twitter that he says he’s determined use Apple’s “secure transport” framework, the coding library that developers depend on to build programs that securely communicate online using the common encryption protocols TLS and SSL. The full list, which isn’t comprehensive given that Soltani only analyzed the programs on his own PC, is shown below. (Soltani has underlined the vulnerable application names in red.)

Among the OS X apps affected: iMessage, Facetime, Mail, iBooks and more. Even Software Update – which OS X uses to update itself – is compromised. That means, in theory, an attacker could spoof an update to the operating system laced with malicious code.

There has been some speculation online that this programming error was introduced deliberately, perhaps by the NSA, because it would allow unencumbered snooping.John Gruber at Daring Fireball notes that the flaw first appeared in iOS 6, and that documents released by Edward Snowden indicate Apple was “added” to the NSA’s PRISM program a month after that release. Gruber’s skeptical that it was introduced by the NSA, but it’s very possible that the agency was taking advantage of it. I’ll buy that.

Regardless, if you use iOS devices and you have not patched, do so now. And if you’re a Mac user, keep an eye out for a fix for OS X, and update as soon as it’s available. In the meantime, you may want to use another browser other than Safari, and use a web based interface for your email until it’s fixed.

Update 2.25.2014: It has been pointed out that devices running the flawed version of iOS and OS X are vulnerable only when the user and attacker are on the same Wi-Fi network. But security blogger Brian Krebs notes that it also works if the attacker has control over a cellular network as well.

Also, while there is a patch for iOS 6.1, it’s only for the iPhone 3GS and older versions of the iPod Touch, according to Larry Seltzer at ZDNet. The fix for iPhone 4 and iPhone 4S users still on iOS 6 is to upgrade to iOS 7.0.6.

by using Android, one is 1000 times more likely to have all of your Bank info, including passwords already sitting on Chinese servers for sale on black market sites, do this person’s advise at one’s extremely high risk.

If you use any other browser on iOS, it uses a rendering engine that is a subset of Safari. Any app that displays web pages also uses the Safari renderer. Whether you know it or not, you ARE using Safari. Be smart: Update.

i have a 4S and won’t update to ios v7.xx. Our IT group has told all the 4S users not to update. And I am not eligible for an upgrade until August (got the phone right before the 5’s came out). Are they going to offer patches for those whose phones really can’t handle 7?

I’m not making light of the seriousness of this vulnerability, but it is a little frustrating that most of the coverage neglects to mention that the risk is from others on the same network as you.

Which brings up a larger point – there’s a certain amount of risk in using any public wifi, even those that require authentication. You don’t really know who is sitting there at the coffee shop probing the other machines on the network. This isn’t the first SSL vulnerability and it won’t be the last – if you find yourself needing to use public wifi regularly, best practice is to use a VPN. There are VPN services you can use, and if you’re doing work, you should be using your corporate VPN.

The flaw allows an attacker to intercept, read or modify encrypted email, Web browsing, Tweets and other transmitted data, provided the attacker has control over the WiFi or cellular network used by the vulnerable device.

Control over the local network is only one of many ways to exploit this vulnerability. Since the certificate is never validated, all it takes is a method that will get the user’s device to connect to a server with an invalid key. There are numerous ways to accomplish that ranging from DNS cache poisoning, control of DNS servers used by the device’s network connection, control of host records on authoritative DNS servers, control of a proxy server used by the device’s network connection and even a compromise of the server the user is connecting to. None of these other methods require any control of the local network. Using a VPN is generally a good idea but wouldn’t completely protect users from this vulnerability. It also wouldn’t be very useful if the validity of the VPN server’s certificate isn’t checked.

Goto has pretty much been considered a poor practice for a long time. See this argument against it from 1968. Though in the computer science class I took in the late 1970s, they were still teaching it.